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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E] Responsive to communication(s) filed on 23 May 2005 . 
2a)D This action is FINAL. 2b)[x] This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 7-77 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) M Claim(s) 7-73 and 17 is/are allowed. 

6) H Claim(s) 74-76 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

£))□ The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Response to Arguments 

1 . In view of the appeal brief filed on May 23, 2005, PROSECUTION IS HEREBY 
REOPENED. A rejection of claims 14-16 is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) request reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied 
by a supplemental appeal brief, but no new amendments, affidavits (37 CFR 1 .130, 
1 .131 or 1 .132) or other evidence are permitted. See 37 CFR 1 .193(b)(2). 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

3. Claims 14-16 are rejected under 35 U.S.C. 102(a) as being anticipated by Hsu et 
al, U.S. Patent 5,982,898. 
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As per claim 14, it is disclosed by Hsu et al of a public key authentication system 
for use in a computer system having a plurality of users. The system comprises an 
authentication server (registration authority), a directory service (certificate authority) 
connected to the authentication server (registration authority), and a host system 
(server)(as shown in Figure 2). The directory service (certificate authority) includes a 
plurality of public keys, wherein each public key is associated with a unique user 
identifier (col. 1, lines 38-52). The host system (server) includes a public key 
authentication client and an interface to a smart card enabled application, wherein the 
public key authentication client is connected to the authentication server (registration 
server)(col. 1 , lines 6-9 and col. 4, lines 46-55). The public key authentication client 
receives a challenge issued by the authentication server (registration authority), signs 
the challenge with a digital signature representing a user and sends the digital signature 
of the challenge back to the authentication server (registration authority)(col. 4, lines 46- 
55). The authentication server (registration authority) receives the digital signature of 
the challenges and verifies the digital signature with a public key retrieved from the 
directory service, (certificate authority)(col. 4, line 56 through col. 5, line 10). 

As per claim 15, Hsu et al teaches that the authentication server (registration 
authority) includes role based access control (authorizations)(col. 7, lines 42-46). 

As per claim 16, it is taught by Hsu et al that the authentication server 
(registration server) includes automatic logging of authentication attempts (col. 7, lines 
42-48). 
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Allowable Subject Matter 

4. Claims 1 -1 3 and 1 7 are allowed. 

5. The following is a statement of reasons for the indication of allowable subject 
matter: 

As per claim 1 , it was not found to be taught in the prior art of a virtual smart card 
agent connected to a virtual smart card server, the virtual smart card agent includes a 
user authentication interface for use by a user in entering a one-time password, the 
virtual smart card agent authenticates the user using the one-time password and 
accesses the authenticated user's virtual smart card to obtain the user's private key. 

As per claim 10, it was not found to be taught in the prior art of entering a one- 
time password, encrypting the one time password with a first key assigned to a first user 
to form an encrypted one-time password, accessing, via the digital certificate, a second 
key assigned to the first user, decrypting the encrypted one-time password with the 
second key associated with the digital certificate to recover the one-time password, and 
comparing the one-time password against an expected one-time password. The 
examiner is interpreted the second key as being a public key and the first key as being 
a private key as is recited in the applicant's specification on page 8, lines 7-16. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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Yoshizawa, US 2001/0014869 discloses of a certificate using public keys and 
encrypting a user registration request and a random password using the private key. 

Yu et al, U.S. Patent 6,067,621 discloses using one-time passwords and 
synchronizing a terminal and server for the use of the one-time password. 

Lee et al, US 2005/0071636 discloses of inputting a password to obtain a private 
key stored on a smart card. 

Franklin et al, U.S. Patent 6,000,832 discloses entering a password to retrieve a 
private key. 

Khidekel et al, U.S. Patent 6,636,975 discloses of issuing a digital certificate to a 
user and signing a combination of authentication information and a certificate identifier 
for the certificate to form a unique user identifier. 

Al-Salqan, U.S. Patent 6,775,382 discloses recovering encryption keys. 

Kaufman et al, U.S. Patent 5,497,421 discloses of using a password to retrieve 
an encrypted private key. 

Hamann et al, U.S. Patent 6,516,357 discloses of using virtual smart cards. 

He, U.S. Patent 5,944,824 discloses of single sign-on. 

Nystrom, "The SecurlD SASL Mechanism" discloses of the use of a one-time 
password used for access control. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571- 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-3:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Christopher Revak 
Primary Examiner 
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